Thirty-year cybersecurity/networking veteran and President and CEO of SonicWall, security leader protecting a million networks globally.

Cybercriminals think you’re an easy target.

They think you’re untrained. They think you’re underfunded. They think you’re unaware. You, owners of the small and medium-sized businesses (SMBs), are ripe for exploitation. And in many cases, through no fault of your own, they’re right.

And the path to sound cybersecurity isn’t always clear for SMBs. Government guidance hasn’t helped SMBs much to date. Internally, budgets are often prioritized to revenue-producing objectives. And even when resources are allocated, the cybersecurity skills shortage makes it difficult to stay competitive with such high demand for experienced professionals.

Thankfully, a framework tailored specifically for these types of businesses is on the horizon. As decreed by last year's NIST Small Business Cybersecurity Act, NIST must deliver cybersecurity guidance to SMBs later this year. But they still have about seven months to publish their first guidelines, which is an eternity in the fast-moving cybersecurity landscape.

Fortunately, there are basic best practices and security controls SMBs can employ to build proven, layered cybersecurity that mitigates today’s sophisticated cyberattacks on a realistic budget. Here’s a layered, outside-in approach to bolstering your security posture while keeping your business objectives a priority.

Perimeter Security Via Next-Generation Firewalls

Next-generation firewalls (NGFW) are the workhorses of network security. When properly deployed and configured, they’re extremely effective at stopping the majority of known cyberattacks.

Savvy cybercriminals hide their attacks within encrypted SSL/TLS traffic. This makes it easy for them to sneak their payloads right by traditional network defenses to infiltrate businesses.

According to our own research, through December 2018, encrypted attacks were up 27% year to date. According to Mozilla, almost 70% of Firefox web traffic was encrypted as of April. That’s a growing attack vector that demands attention.

Security vendors provide a number of solutions to responsibly decrypt, inspect and re-encrypt SSL and TLS traffic. Some functionality is integrated on advanced firewalls. Other vendors offer dedicated SSL inspection appliances. The solution that’s right for your business will depend on specific performance, deployment, budget and security objectives.

Email Security

Email has been around for decades, so its presence is unavoidable, especially in the business landscape. And for this reason, it remains one of the top attack vectors for cybercriminals, who leverage a salvo of phishing attacks and business email compromise (BEC) campaigns.

Cloud or network sandboxing services offer real-time inspection of suspicious files that firewalls aren’t quite sure about (i.e., files they can’t match against a known signature).

Cloud sandboxing is highly adept at discovering and mitigating never-before-seen threats that are so new they are able to circumvent standard security controls. The more advanced sandboxes can quarantine suspicious files until a verdict is reached, greatly reducing the chance of breach or infection. In many cases, sandboxing requires a next-generation firewall as a complementary solution.

Advanced Memory And Side-Channel Inspection

The most concerning vulnerabilities are occurring at the processor level. New side-channel threats like Spectre, Meltdown, Foreshadow and PortSmash are moving the cyberwar to an entirely new theater -- one that is extremely difficult to monitor or patch.

Innovative security vendors offer advanced deep memory inspection technology that not only identifies and stops malicious PDFs and Office files, but also defends against advanced processor-based attacks. Working in parallel with a sandbox, this type of deep memory inspection detects and blocks malware that uses custom encryption to hide malicious behavior.

Endpoint Protection

Proactive organizations should actively defend endpoints (e.g., laptops and mobile devices) with next-generation antivirus (NGAV) solutions or an endpoint protection platform (EPP). It’s a basic step (almost common sense in the IT world), but it’s still an important one.

This layer helps monitor and mitigate successful cyberattacks that compromise an endpoint, ensuring malware can’t spread laterally through the organization. Seek endpoint security solutions that also feature automated "rollback" controls to help administrators and users return an infected machine to a known healthy state -- and return the employee to work.

Digital Identity Authentication

Identity and access management (IAM) is a broad area of information technology that categorizes various processes and controls to ensure the appropriate -- and vetted -- users have safe, secure access to the networks, services and data they need.

A common best practice among most organizations, multifactor authentication provides safeguards to protect against the misuse of credentials to illegally access networks, systems or software services.

Policy, Compliance And Enforcement

It’s important that organizations implement consistent processes to ensure policies are being adhered to, compliance mandates are followed, and the outlined security protocols are being monitored and enforced. A lapse in any of these drastically reduces the effectiveness of the preceding core layers.

Know Your Business

Every business is different. And many SMBs are at different phases of their path toward a sound, layered cybersecurity posture. These layers serve as a strong bedrock and will go a long way toward eliminating vulnerability gaps and mitigating even the most advanced cyberattacks, protecting your business, customers and brand.